41 Commits

Author SHA1 Message Date
Zuul
9416bcc21d Merge "ffu: Introduce Cinder fast-forward upgrade tasks" 2018-02-21 19:33:17 +00:00
Lee Yarwood
d2073a13a2 ffu: Introduce Cinder fast-forward upgrade tasks
fast_forward_upgrade_tasks for Glance covering Ocata and Pike.
- Service status check
- Stop services when updating from Ocata to Pike
- Update cinder packages
- Db sync

Resolves: rhbz#1536010
Closes-Bug: #1744056
bp fast-forward-upgrades
Change-Id: I172c3a1868a8b7a94b282cbe5c2f6b323f7ca101
2018-02-20 13:22:04 -05:00
Giulio Fidente
0b1afb48e5 Allows for configuration of the Ceph cluster name
To be able to support multiple Ceph cluster, an initial step is
to allow for configuration of each cluster name.

Depends-On: I8d5293eaaf104b6374dfa13992a67ddc37397f10
Implements: blueprint custom-ceph-cluster-name
Change-Id: I1b4d51ca6a2d08fa7a68eea680eb104eff732057
2018-02-20 11:35:01 +01:00
Zuul
0b719f3023 Merge "Unify the Cinder HA and non-HA docker configurations" 2018-02-15 19:27:45 +00:00
Alan Bishop
f89d8d2077 Unify the Cinder HA and non-HA docker configurations
Relocate the list of docker volumes used by the CinderVolume and
CinderBackup services so that a common list can be used in both HA and
non-HA deployments. For HA, the list is passed to puppet-tripleo via
hiera data.

Closes-Bug: #1748290
Depends-On: I4ba0d78ad17183b97290b853a6c103e55bc8977c
Change-Id: I41d6ff1dc60a799cec18fbeb64c8b63961953388
2018-02-15 02:34:33 +00:00
Lukas Bezdicka
0cb5c847f3 Always evaluate step first in conditional
If we use variables defined in later step in conditional before
checking which step are we on we will fail.

Resolves: rhbz#1535457
Closes-Bug: #1743764
Change-Id: Ic21f6eb5c4101f230fa894cd0829a11e2f0ef39b
2018-02-09 17:12:29 +01:00
Zuul
5a219d53bf Merge "Cinder containers: volume and env customizations" 2018-01-15 21:21:22 +00:00
Zuul
1af7729939 Merge "Convert tags to when statements for Q major upgrade workflow" 2018-01-13 09:39:38 +00:00
Dan Prince
7bd89420f2 Cinder containers: volume and env customizations
This patch will allow custom volume and env variables for the
cinder-volume container.

This is likely going to be needed by some Cinder backends who may not
have in-tree TripleO integration yet and need these types of
customizations.

Change-Id: I825c5373c7c4ab6896579eae705bc034f67fb68f
2018-01-12 16:50:56 -05:00
Martin André
8eb351d588 Fix path for iscsi config file
We changed the bind mount to be /etc/iscsi in
I838427ccae06cfe1be72939c4bcc2978f7dc36a8, we need to copy the files to
/etc/iscsi so that they do not end up at '/' in the container.

Change-Id: Id5c1f16d08ffd36a35a6669d64460a7b2240d401
Closes-Bug: #1741850
2018-01-09 10:56:31 +01:00
marios
dec003def8 Convert tags to when statements for Q major upgrade workflow
This converts "tags: stepN" to "when: step|int == N" for the direct
execution as an ansible playbook, with a loop variable 'step'.
The tasks all include the explicit cast |int.

This also adds a set_fact task for handling of the package removal
with the UpgradeRemovePackages parameter (no change to the interface)

The yaml-validate also now checks for duplicate 'when:' statements

Q upgrade spec @ Ibde21e6efae3a7d311bee526d63c5692c4e27b28
Related Blueprint: major-upgrade-workflow
[0]: 394a92f761/tripleo_common/utils/config.py (L141)
Change-Id: I6adc5619a28099f4e241351b63377f1e96933810
2018-01-08 13:57:47 +02:00
Bogdan Dobrelya
82f128f15b Fix puppet config volume for iscsid in containers
Bind mount the /etc/iscsi host path for iscsi container puppet config.
Use the real host path /etc/iscsi for containers dependsing on it.

Closes-bug: #1735425

Change-Id: I838427ccae06cfe1be72939c4bcc2978f7dc36a8
Depends-on: I7e9f0641164691682516ac3e72e2145c7d112409
Co-authored-by: Alan Bishop <abishop@redhat.com>
Co-authored-by: Martin André <m.andre@redhat.com>
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
2018-01-02 17:14:17 +00:00
Zuul
1942568e87 Merge "Add validation task in docker services [cinder]" 2017-12-01 05:29:24 +00:00
Carlos Camacho
927495fe3d Change template names to queens
The new master branch should point now to queens instead of pike.

So, HOT templates should specify that they might contain features
for queens release [1]

[1]: https://docs.openstack.org/heat/latest/template_guide/hot_spec.html#queens

Change-Id: I7654d1c59db0c4508a9d7045f452612d22493004
2017-11-23 10:15:32 +01:00
Zuul
5da47d2e4f Merge "Set file mode permission for Ceph keyrings in containers" 2017-11-21 01:00:07 +00:00
Zuul
6a72a9f1b4 Merge "Drop step_config as top level docker requirement" 2017-11-17 08:33:29 +00:00
Dan Prince
a307fe7ffc Drop step_config as top level docker requirement
Step config is only required within the puppet_configs section
of docker/services/*. This patch drops the top level 'step_config'
and updates the unit tests accordingly.

Change-Id: I7dc7cfae3ef1965ec95b1d9ef23e7f162418c034
2017-11-15 16:01:16 -05:00
John Fulton
ce7b65f443 Set file mode permission for Ceph keyrings in containers
Pass mode parameter to ceph-ansible for Ceph keyrings on container
host. Pass mode and ownership parameter to each Ceph client container
using kolla_config. ACLs are set for Cinder if it is not running in
containers.

Change-Id: I11618b3fd696739ad9b86618a1f3f96570c61a30
Partial-Bug: #1720787
2017-11-15 15:03:41 +00:00
Jiri Stransky
85ec193403 Write readme.txt into old log directories
This should help operators find the new log files. We do have them
documented, but not everybody reads every word in the docs :)

The readme creation has ignore_errors: true so that if the directory
isn't present at all (e.g. on deployed server environments, which
don't have openstack packages installed), we don't fail the deployment
when we're not able to create the readme.

Change-Id: I6b36db7b7ce8b3e4da566eb7828d0c3b8646a14f
Partial-Bug: #1730957
2017-11-14 10:35:11 +01:00
Zuul
c8f6b8ec97 Merge "Explicitly set healthcheck command." 2017-11-08 18:06:02 +00:00
Eric Harney
05b6147246 Set ipc=host for services attaching encrypted volumes
Without ipc=host set, cryptsetup/devicemapper will never
see devices created when running "cryptsetup luksOpen",
causing the command to hang.

This is required for attaching encrypted Cinder volumes.

Closes-Bug: #1729419
Change-Id: Ic7184b1fbbafea266f8ec1e7974d0a4a2cf4d750
2017-11-02 05:33:47 +00:00
Carlos Camacho
d4477a8ea3 Add validation task in docker services [cinder]
Docker services are missing the pre-upgrade validation task
in the upgrade_tasks section which verifies if the service
is running before stopping it.

Change-Id: I3d0b68eaf11b78f3422e026710d062f7e9455508
Partial-Bug: #1704389
2017-10-19 12:10:32 +02:00
marios
ce0ef2fa20 Remove package if service stopped and disabled
Adds a UpgradeRemoveUnusedPackages param to use
in the ansible when conditional for the removal

Adds package removal to step2 right after a service
is stopped and disabled on step2. Package updates
happen in step3 so ideally remove before that.

The package removal task has ignore_errors true
so dependencies or other issue removing packages will
not fail the upgrade workflow.

Also adds this to the upgrade environment files
for visibility and defaulting false

Change-Id: Ie4e4a2d41f7752c5a13507a7c15c6f68e203cfca
Related-Bug: 1701501
2017-10-05 11:50:58 +00:00
Ian Main
627971b2a1 Explicitly set healthcheck command.
We were setting them in the Dockerfile's previously.  However this
caused the healtcheck commands to always run regardless of which
process we were running in the container.  This caused 'unhealthy'
containers at times they were never intended to be checked.  This
change makes it so they are explicitly set.

Change-Id: I7bc12d236b3cc7a52d3e6aa706fd04675dad3a9a
2017-09-28 17:20:00 -04:00
Juan Badia Payno
5dbe1121e9 docker: add logging(source & groups)
The services that docker depends on, have logging_sources and logging_groups;
but those are not set on the docker outputs so they are not used when dockers
are deployed.

Added logging_source & logging_groups as docker optional parameters in
tools/yaml-validate.py

Closes-Bug: #1718110
Change-Id: I8795eaf4bd06051e9b94aa50450dee0d8761e526
2017-09-27 07:37:14 +00:00
John Fulton
50c1187375 Cinder volume/backup containers shouldn't mount two paths at same point
Docker refuses to start the container because config_files/src-ceph:ro
is mounted at both /etc/ceph and config-data/puppet-generated/ceph.
The mount to /var/lib/config-data/puppet-generated/ceph should have
been removed in commit ed0b77ff93a1a1e071d32f6a758e04c6d0b041ef.

Change-Id: I411b4764a54fc21e97e4c41a5fef00c7e6e2b64d
Closes-Bug: #1707956
2017-08-02 02:54:56 +00:00
Damien Ciabrini
0cb45d65c6 Generate MySQL client config if service requires database
Services that access database have to read an extra MySQL configuration file
/etc/my.cnf.d/tripleo.cnf which holds client-only settings, like client bind
address and SSL configuration. The configuration file is thus used by
containerized services, but also by non-containerized services that still
run on the host.

In order to generate that client configuration file appropriately both on the
host and for containers, 1) the MySQLClient service must be included by the
role; 2) every containerized service which uses the database must include the
mysql::client profile in the docker-puppet config generation step.

By including the mysql::client profile in each containerized service, we ensure
that any change in configuration file will be reflected in the service's
/var/lib/config-data/{service}, and that paunch will restart the service's
container automatically.

We now only rely on MySQLClient from puppet/services, to make it possible to
generate /etc/my.cnf.d/tripleo.cnf on the host, and to set the hiera keys that
drive the generation of that config file in containers via docker-puppet.

We include a new YAML validation step to ensure that any service which depends
on MySQL will initialize the mysql::client profile during the docker-puppet
step.

Change-Id: I0dab1dc9caef1e749f1c42cfefeba179caebc8d7
2017-07-27 13:41:13 -04:00
Giulio Fidente
ed0b77ff93 Provides Ceph config into OpenStack clients
Given ceph-ansible or puppet-ceph will have created the Ceph
config files and keyrings in /etc/ceph on baremetal, this change
copies into the OpenStack containers the necessary files for the
services to be able to connect to the Ceph cluster.

Change-Id: Ibc9964902637429209d4e1c1563b462c60090365
2017-07-25 22:08:06 +00:00
Jenkins
84e6bff8a6 Merge "Refactor iscsi initiator-name reset into separate service" 2017-07-24 04:36:35 +00:00
Jenkins
7e4f7dd2b0 Merge "Allow modprobing from cinder-volume container" 2017-07-18 17:19:19 +00:00
Jenkins
511d34eedc Merge "LVM in cinder-volume container without udev" 2017-07-18 17:18:18 +00:00
Oliver Walsh
8e5bb308cf Refactor iscsi initiator-name reset into separate service
This currently assumes nova-compute and iscsid run in the same context which
isn't true for a containerized deployment

Change-Id: I11232fc412adcc18087928c281ba82546388376e
Depends-On: I91f1ce7625c351745dbadd84b565d55598ea5b59
Depends-On: I0cbb1081ad00b2202c9d913e0e1759c2b95612a5
2017-07-17 13:56:15 +01:00
Jenkins
2185b83560 Merge "Use a single configuration file for specifying docker containers." 2017-07-15 06:19:13 +00:00
Ian Main
e76d84f784 Use a single configuration file for specifying docker containers.
This removes the default container names from all the templates
and uses a single environment file to specify the full container
name and registry from which to pull.  Also does away with most
of DockerNamespace.

Change-Id: Ieaedac33f0a25a352ab432cdb00b5c888be4ba27
Depends-On: Ibc108871ebc2beb1baae437105b2da1d0123ba60
Co-Authored-By: Dan Prince <dprince@redhat.com>
Co-Authored-By: Steve Baker <sbaker@redhat.com>
2017-07-14 22:23:02 +00:00
Giulio Fidente
baf6eee501 Adds network/cidr mapping into a new service property
Makes it possible to resolve network subnets within a service
template; the data is transported into a new property ServiceData
wired into every service which hopefully is generic enough to
be extended in the future and transport more data.

Data can be consumed in service templates to set config values
which need to know what is the subnet where a deamon operates (for
example the Ceph Public vs Cluster network).

Change-Id: I28e21c46f1ef609517175f7e7ee19e28d1c0cba2
2017-07-14 13:44:04 +02:00
Jiri Stransky
dddbd21371 Allow modprobing from cinder-volume container
When using LVM/iSCSI backend, cinder-volume tries to modprobe configfs
module. We need the modules dir bind mounted for this to succeed.

Co-Authored-By: Gorka Eguileor <geguileo@redhat.com>
Change-Id: I7bfeaa66915e663726acdf3458db80821fbd3d6b
Closes-Bug: #1701321
2017-07-11 15:06:23 +02:00
Jiri Stransky
e718f93872 LVM in cinder-volume container without udev
Disabling udev usage from LVM seems to be the only observed working
way of running containerized cinder-volume with local LVM backend.

I didn't come across reports that not using udev would have negative
impact on the functionality.

Additional info at
https://groups.google.com/forum/#!topic/docker-user/n4Xtvsb4RAw

Change-Id: I491795deab0c37d1bad3b50524481e0b76529667
Depends-On: I1bf395a6228dba66fa6bf9b8bcc9f3ac3d922a49
Closes-Bug: #1700982
2017-07-11 15:05:42 +02:00
Martin André
cf18e865d1 Copy only generated puppet files into the container
This solves a problem with bind-mounts when the containers are holding
files descriptors open.

At the same time this makes the template more robust to puppet changes
since new config files will be available in the containers without
needing to update the templates.

Partial-Bug: #1698323
Change-Id: Ia4ad6d77387e3dc354cd131c2f9756939fb8f736
2017-07-10 11:13:25 +02:00
Martin André
a474ae82d5 Add heat parameter for all of config_volume images
This commit consistently defines a heat template parameter in the form
of DockerXXXConfigImage where XXX represents the name of the
config_volume that is used by docker-puppet.

The goal is to mitigate hard to debug errors where the templates would
set different defaults for the image docker-puppet.py uses to run, for
the same config_volume name.

This fixes a couple of inconsistencies on the way.

Change-Id: I212020a76622a03521385a6cae4ce73e51ce5b6b
Closes-Bug: #1699791
2017-06-28 10:48:53 +02:00
Jiri Stransky
8fc970a12a Conditional LVM storage setup for cinder-volume
Set up the LVM storage only if we're using iSCSI backend.

Change-Id: I62e8f9cc38b201aebd1799e05ffc1398d13a9aa0
2017-06-13 12:25:32 +02:00
Dan Prince
54c31f664f Docker service for Cinder Volume
Adds docker service for Cinder Volume

Co-Authored-By: Jon Bernard <jobernar@redhat.com>

Depends-On: Ic1585bae27c318bd6bafc287e905f2ed250cce0f

Partial-bug: #1668920

Change-Id: Ifadb007897f3455b90de6800751a0d08991ebca2
2017-06-12 10:04:59 -04:00